Foundations Team Updates - Thursday 19 Oct 2023

Previous week’s status can be found at Foundations Team Updates - Thursday 12 Oct 2023



  • initramfs-tools: bug triage


+1 maintenance


I spent my time ensuring that all blocked package failures are documented and reported in Debian / upstream where applicable. I created a bunch of bug reports:

Tickets for the archive admins


I stumbled over Debian bug #1052847 and submitted a better fix for upstream marshmallow:


pd-xsample 0.3.2+git20170905.1.4441ae5-6 fails to build on ppc64el. I fixed the last complaint from the build log and submitted it upstream. Then I noticed that this was only a warning and not the culprit. The relevant error message was printed way earlier. The latest upload enabled building Pd64 externals, but vec_dst only supports float but not double. So I disabled this change for ppc64el and uploaded pd-xsample 0.3.2+git20170905.1.4441ae5-7 to Debian unstable.

Syncs to fix failures

The following packages should be (auto-)synced after the archive opening:

  • Sync 1.6.3-1 to fix proposed-migration for cgreen 1.5.1-1build1
  • Sync python-aiortc 1.5.0-3 to unblock the python3-aioice/0.9.0-1 migration
  • Sync sublime-music/0.12.0-1 - this should solve the autopkgtest failure with dataclasses-json 0.5.13-2
  • Sync gpac >= 2.2.1+dfsg1-2 which builds with ffmpeg 6.0
  • Sync pd-xsample 0.3.2+git20170905.1.4441ae5-7 which fixed the build failure on ppc64el



  • review Netplan diff backend PR, #386
  • reviews of generic PSK + EAP password solution, #416
  • review Documentation spelling checker CI, #417
  • Working on a Focal/Core20 reproducer/test, LP: #1959570
  • Netplan everywhere blog post


  • Interviewer training
  • take-home tests
  • (many) written interviews


  • PR #150 - Support the keep-enabled parameter in ubuntu-image extra-ppas

    • added some improvements following the review
  • PR #148 - ubuntu-image ‘pack’ support

    • added some improvements, waiting for a review
  • PR #152 - Improve tests performance (reduce disk usage and test duration)

    • Merged
  • PR #157 - Use eatmydata to speedup image build

    • Proposed. I am still unable to find a use case where using eatmydata is making a difference
  • PR #155 - Clean image build leftovers

    • Proposed, waiting for a review
  • PR #143 - The ‘fstab’ of ‘customization’ destroy original fstab content

    • added some improvements to also fix another bug @waveform found a couple years ago (LP #1955019)
  • Devised a strategy to fix LP#2038111. Waiting for a review to move forward.

  • Did some research on tools similar to ubuntu-image and livecd-rootfs to get an overview of different ways to solve the “image building” problem.

+1 Maintenance

Remainder of the +1 week



  • Micro releases for 1.20 (1.20.9 & 1.20.10) and 1.21 (1.21.2 & 1.21.3).
    Updated in Debian and Snap, and FIPS packages. Ubuntu archive packages are not updated due to freeze.

  • Open LP #2039794. Go 1.22 (not released yet) is going to use KMCTR and other crypto instructions on s390x. Illegal instruction on launchpad builder.

  • Revise specification for Go dev tools snap.


I was out on Thursday and Friday of last week.


  • .NET 8 RC1 is live on Mantic!
    • Removed .git folder build dependency, which shrinks the orig tarball from 1GB to 200MB.
    • Cleaned up lintian warnings and d/copyrights file.
  • Packaged .NET 8 RC2 (released today).
    • Fixed lingering prebuilts symlink issue by removing reference on d/rules file.
    • More d/copyrights clean-up.
  • Attended weekly .NET partners sync meeting


  • Investigating nvme-of test case for the nvme-stas package, which runs on amd64 but fails on other platforms.


  • Analysis of the default TLS configuration of several packages and discussions on what they should be


  • Prepared lightning talk (there’s also a lot more material) for crypto-config


  • Investigated Network Manager crashes reported in LP#2038811
  • Worked on a workaround for a parser issue reported some time ago related to the parsing of access-points PR#413
  • Fixed a problem related to wireguard endpoints that was causing problems with Network Manager PR#414
  • Fixed a problem in the keyfile parser where it was generating the incorrect configuration for some EAP methods PR#415
  • Added a spelling check step to the Github CI PR#417
  • Working on a more complete fix for a problem related to EAP authentication that’s causing problems with Network Manager PR#416
  • Preparing the SRU containing some fixes for the problems that are leading to Network Manager crashes


  • TCK 17 - created a private git repo with the TCK material (which is received from Oracle and is proprietary) and initial scripting to run the compliance tests in Docker containers. Tested on amd64, arm64, ppc64el and s390x.

  • debian/copyright - Submitted an MR with the openjdk copyright generator rewritten in Python (it was written in Perl first, which isn’t permitted as per Debian policy). Also submitted MRs to add the copyrights file (as well as the generator script) to openjdk versions 11, 17 and 21.

  • CRaC - Investigated the feasibility of shipping a CRaC (Coordinated Restore at Checkpoint) enabled JDK package on Ubuntu. CRaC is a JVM wrapper around CRIU (Checkpoint and Restore in Userspace). I built a package with some hacks, installed it and wrote a test that uses the crac API. Promised gains are visible. I am writing up a blog post where I touch upon the practical aspects of packaging and maintaining it.

  • Code review: Reviewed Vladimir’s MP on backporting JTREG to jammy and focal.


  • Investigated OpenSSL support for key-stores. Turns out OpenSSL does not support any of the FIPS-approved Key Store formats.


  • Weekly Adoptium workgroup meetings
  • Written interview training


  • prepared some experiments with os-prober running over multiple drives in parallel. It feels like it could result in a block probing speed up in some scenarios. But that requires work to determine what “drives” are on different physical disks.
  • looking for other ways to reduce block probing duration. Determining file-system minimal sizes and probing for installed OSes are the most time-consuming operations.
  • working on changing the way we deal with os-prober in the subiquity snap. Currently, the package is built based on a pre-1.80 source tree. Considering adding a public PPA for subiquity so we can pull our own version of os-prober - with our patches already applied. This would require doing manual merges whenever an SRU of a package lands though.
  • help 23.10 release
  • code reviews, bug triage, and general catchup
  • 24.04 planning
  • subiquity
    • 23.10.1 release. Special thanks to @ogayot who did almost all the changelog creation.
    • PR: 1844 - start merging some out of sync content ahead of subiquity RTD site availability


  • Finished internal spec for the Rust development tools Snap
  • Currently backporting Rust 1.68, 1.69 and 1.70 to Lunar, Jammy and Focal


  • finishing internal .NET maintainer documentation
  • attended weekly .NET partners sync meeting

Ubuntu Packaging Guide

  • finishing new how-to articles
  • reviewed Documentation Team roadmap objectives and results for the packaging guide
  • attended weekly Ubuntu Packaging Guide meeting



I have been implementing an automated testing framework for GRUB. Currently we have the ability to:

  • Automatically provision VMs with cloud images
  • Install new shim+grub (or just GRUB in --no-shim mode for development)
  • Verify the VM successfully reboots after the new loaders were installed
  • The ability to do the above using a set of different Secure Boot configurations
  • The ability to do the above on ARM64 and AMD64 (both with UEFI and PCBIOS)

I am currently working on implementing the ability to automatically sign unsigned copies of shim+GRUB, and verify the correct operation of Secure Boot without having to provide binaries signed with production keys.

  • Mesa testing for Core 22 updates in Firefox
  • Mantic release and all the fun that entailed:
  • Post-mantic release:
    • investigation of pre-generated machine-id and host SSH keys (LP: #2039434)
    • Investigating reports of Pi 5 fan spinning full speed on Ubuntu; current theory is it may be down to some differences in the registration of PWM devices
  • Worked on PyPI packaging of lgpio (apologies to the community that this was delayed during mantic’s release!)


  • Lots of ISO testing and bug checking for the release last week
  • Updated the netboot test(s) for subiquity MP#453468


  • Currently working on rewriting the apport hook for subiquity so bug reporting for subiquity is a consistent experience



  • bundle googletest and refresh problem lists in preparation for the security release. Update reproducible-properties-timestamp.patch patch.
  • uploaded openjdk-lts and openjdk-17 to the openjdk-security ppa